8 comments

[ 4.2 ms ] story [ 30.5 ms ] thread
There is a (2005) missing in the title.
Somehow, I think there's more to this story. I know that I sometimes play with a site's URL parameters, especially if I'm going to be giving them my credit card information and it looks like they're doing something non-standard or risky.

Of course, even with that caveat, criminalizing this sort of 'hacking' (or even calling it such) is absolutely absurd.

Of course, even with that caveat, criminalizing this sort of 'hacking' (or even calling it such) is absolutely absurd.

I don't know, it seems pretty simple to me: don't play with other people's toys unless they give you permission in advance.

If that means not handing over your own hard-earned money, well, at that point you've voted with your wallet. Better to tell the company why you're doing it in advance than cause stress on their side wondering "what on earth is this user doing?" ;)

This is quite old news from 2005.

The man in question donated to the tsunami fund, didn't see a confirmation page, and fearing a phising scam, ran a couple of security tests against the site. Total fine: 400 GBP plus 600 GBP costs:

http://www.zdnet.com/tsunami-appeal-site-hacker-found-guilty...

I haven't been able to found any details about what "security tests" were run against the site, but the UK's computer misuse act appears to be quite clear about it: if you're not authorised to access something, you've broken the law.

(comment deleted)
(comment deleted)